Chapter XIII Biometrics: In Search of a Foolproof Solution

BIOMETRIC SYSTEMS

Historical Overview

Manual Biometrics

Biometrics is not only considered a more secure way to identify an individual but also a more convenient technique whereby the individual does not necessarily have to carry an additional device, such as an ID card. As defined by the Association for Biometrics (AFB) a biometric is “...a measurable, unique physical characteristic or personal trait to recognize the identity, or verify the claimed identity, of an enrollee.” The technique is not a recent discovery. There is evidence to suggest that fingerprinting was used by the ancient Assyrians and Chinese at least since 7000 to 6000 BC (O’Gorman, 1999, p. 44). Over a thousand years ago, potters in East Asia, placed their fingerprints on their wares as an early form of brand identity and in Egypt’s Nile Valley, merchants were identified by their physical characteristics (Raina, Woodward & Orlans, 2002, p. 25). The practice of using fingerprints in place of signatures for legal contracts is hundreds of years old (Shen & Khanna, 1997 p. 1364). It is believed that the first scientific studies investigating fingerprints were conducted some time in the late sixteenth century (Lee & Gaensslen, 1994).

In the nineteenth century Alphonse Bertillon in France developed anthropometrics as well as noting peculiar marks on a person such as scars or tattoos. It was as early as 1901 that Scotland Yard introduced the Galton-Henry system of fingerprint classification (Halici, L.C. Jain, Erol, 1999, p. 4; Fuller et al. 1995, p. 14). Since that time fingerprints have traditionally been used in law enforcement. As early as 1960, the FBI Home Office in the UK and the Paris Police Department began auto-ID fingerprint studies (Halici, L.C. Jain, Erol, 1999, p. 5). Until then limitations in computing power and storage had prevented automated biometric checking systems from reaching their potential. Yet it was not until the late 1980s when personal computers and optical scanners became more affordable that automated biometric checking had an opportunity to establish itself as an alternative to smart card or magnetic-stripe auto-ID technology.

Background

According to Parks (1990, p. 99), the personal traits that can be used for identification include: facial features, full face and profile, fingerprints, palmprints, footprints, hand geometry, ear (pinna) shape, retinal blood vessels, striation of the iris, surface blood vessels (e.g., in the wrist), electrocardiac waveforms. Withers (2002), Jain, A. et al. (1999), Lockie (2000), Ferrari et al. (1998, p. 23) and Hawkes (1992, p. 6/4) provide good overviews of various biometric types. Keeping in mind that the above list is not exhaustive, it is impressive to consider that a human being or animal can be uniquely identified in so many different ways. Unique identification, as Zoreda and Oton (1994, p. 165) point out, is only a matter of measuring a permanent biological trait whose variability exceeds the population size where it will be applied. As a rule however, human physiological or behavioral characteristics must satisfy the following requirements as outlined by Jain et al. (1997, pp. 1365f):

§Universality: every person should possess that characteristic

§Uniqueness: no two persons should have the same pattern in terms of that characteristic

§Permanence: the characteristics should not change over time (i.e. invariance)

§Collectability: the characteristic should be quantifiably measurable.

The four most commonly used physiological biometrics include, face, fingerprint, hand geometry and iris while the two most common behavioral biometrics are signature and voice recognition. Other examples of biometric types include DNA (deoxyribonucleic acid), ear shape, odor, retina, skin reflectance, thermogram, gait, keystroke, and lip motion (Bolle et al., 2007, p. 7; Greening, Kumar, Leedham, 1995, pp. 272-278). Even the Electroencephalogram (EEG) can be used as a biometric as proven by Paranjape et al. (2001, pp. 1363-1366). Most of these techniques satisfy the following practical requirements (Jain et al., 1997, p. 1366):

§Performance: refers to whether or not the identifier is accurate, there are technical resources able to capture and process that identifier, and whether there are environmental factors which impact negatively on the decision policy outcome

§Acceptability: addresses whether or not people are willing to use the system

§Circumvention: refers to how easily a system may be duped.

The Biometric System

Independent of which biometric identifier is under consideration for a given application, they are all viewed as automated pattern recognition systems. Typically a biometric system includes a biometric reader, feature extractor and feature matcher. Biometric readers act as sensors, feature extractors take the input signals and compute those special attributes that are unique, and feature matchers compare biometric features attempting to find a match. Typically a biometric authentication system consists of an enrollment subsystem, an authentication subsystem, and database.

Components and Subsystems

In order for a biometric system to work, an individual must be enrolled, at which point the person’s basic measurements of one or more biometrics are taken by the feature extractor and stored in the database (Figure 1). Relevant associated details may be stored alongside the biometric such as the enrollee’s name and unique ID. If the method of authentication uses verification then typically a type of card is also linked to a person’s biometric feature. A subject provides an identifier like an ATM card and places their biometric on a reader. The reader senses the biometric measurements, extracts the features, and compares the input features with what is stored on the database. The system either accepts or rejects the subject from the given application. In the case of straightforward identification during authentication, a biometric sample from the subject is taken and the entire database is searched for matches (Bolle et al., 2007, p. 7). In practice, two separate steps occur: first an authentication mechanism will verify the identity of the subject, and second an authorization mechanism ties the appropriate actions to someone’s identity (Smith, 2002).

There are four steps that typically take place when using a biometric system. First data is acquired from the subject. The digital image captured of the biometric is transferred to the signal processing function (also known as image processing). Usually the data acquisition apparatus is collocated with the signal processor, but if it is not, the image is encrypted prior to transmission taking place. Second the transmission channel which acts as the link between the primary components will transfer the data. It can transfer internal to the device, or over a distributed system, usually over a private network. On occasion data may be acquired remotely at branch locations and data stored centrally. Third the signal processor takes the raw biometric image and begins the process for matching. The process of segmentation occurs resulting in a feature extraction and a quality score. The matching algorithm attempts to find a record that is identical resulting in a match score. Finally, a decision is made based on the resultant scores, and an acceptance or rejection is determined (Raina, Woodward & Orlans, 2002, p. 29-30).

Authentication versus Verification

There are three modes of authentication: (i) possessions (e.g. using a smart card), (ii) knowledge (e.g. recollecting a password), and (iii) biometrics (e.g. using a physiological characteristic of an individual to distinguish them from others). Smith (2002) describes these modes as (i) something you have, (ii) something you know, and (iii) something you are. During automated authentication in biometrics, two methods are common: (i) verification, and (ii) identification. Verification is based on a unique ID which singles out a person and that person’s biometrics, while identification is based only on biometric measurements which are compared to a whole database of enrolled individuals (Bolle et al. 2004, p. 5). Depending on the manner in which biometrics are used, the process of authentication differs. Today, multi-factor authentication is prevalent in most biometric systems (e.g. the use of PINs, ATM cards and a biometric for withdrawing cash from a biometric-enabled ATM machine).

Biometric Identifiers

Since there are several popular biometric identifiers, some space must be dedicated to each. While some techniques are further developed than others, there is not one single identifier that fits all applications. “Rather, some biometric techniques may be more suitable for certain environments, depending on among other factors, the desired security level and the number of users... [and] the required amount of memory needed to store the biometric data” (Zoreda & Oton, 1994, p. 167f). Dr J. Campbell, a National Security Agency (NSA) researcher and chairman of the Biometrics Consortium agrees that no one biometric technology has emerged as the perfect technique suitable for all applications (McManus, 1996).

The brief technical description offered below for each major biometric identifier only takes into consideration the basic manner in which the biometric transaction and verification works, i.e., what criteria are used to recognize the individual which eventuates in the acceptance or rejection of an enrollee (Bigun et al., 1997). For each technique verification is dependent upon the person’s biological or behavioral characteristic being previously stored as a reference value. This value takes the form of a template, a data set representing the biometric measurement of an enrollee, which is used to compare against stored samples. In summary, fingerprint systems work with the Galton-defined features and ridge information; hand geometry works with measurements of the distances associated between fingers and joints; iris systems work with the orientation of patterns of the eye; and voice recognition uses voice patterns (IEEE, 1997, p. 1343).

Fingerprint Recognition

Fingerprints are classified upon a number of fingerprint characteristics or unique pattern types, which include arches, loops and whorls (Cohen 1994, p. 228). If one inspects the epidermis layer of the fingertips closely, one can see that it is made up of ridge and valley structures forming a unique geometric pattern. The ridge endings are given a special name called minutiae. Identifying an individual using the relative position of minutiae and the number of ridges between minutiae is the traditional algorithm used to compare pattern matches (Jain, L. C. et al., 1999; Meenen & Adhami, 2001, pp. 33-38). The alternative to the traditional approach is using correlation matching (O’Gorman, 1999, pp. 53-54) or the pores of the hand. Pores have the characteristic of having a higher density on the finger than the minutiae which may increase even more the accuracy of identifying an individual.

The four main components of an automatic fingerprint authentication system are acquisition, representation (template), feature extraction, and matching (Jain et al., 1997, p. 1369). To enroll a user types in a PIN and then places their finger on a glass to be scanned by a charge-coupled device (CCD). The image is then digitized, analyzed and compressed into a storable size. In 1994, Miller (p. 26) stated that the mathematical characterization of the fingerprint did not exceed one kilobyte of storage space; and that the enrolment process took about thirty seconds and verification took about one second. Today these figures have been significantly reduced. For instance, the template size for a fingerprint in 2002 was 256 Bytes. For major fingerprint and hand geometry biometric developments refer to Higgins (2002, pp. 45-68).

Hand Recognition

Hand recognition differs from fingerprint recognition as a three dimensional shape is being captured, including the “[f]inger length, width, thickness, curvatures and relative location of these features…” (Zunkel, 1999, p. 89). The scanner capturing the images is not concerned with fingerprints or other surface details but rather comparing geometries by gathering data about the shape of the hand, both from the top and side perspectives. The hand, i.e. palm facing downward, is position on the faceplate and a capacitive switch senses the hand is present and initiates a scan. The measurements gathered are then compared to the stored data for matching (McCrindle 1990, p. 101). A set of matrices helps to identify plausible correlations between different parts of the hand. Some equipment vendors use five pegs to help position and stabilize the hand on the faceplate. These pegs act as control points. Typically more than one digital image of the hand is taken- from the view of the faceplate, and also a side view.

The hand geometric pattern requires less storage space than the fingerprint (between 9 Bytes and 20 Bytes depending on the manufacturer) and it takes less time to verify someone’s identity. Quality enrolment is very important in hand recognition systems due to potential errors. Some systems require the enrollee to have their hand scanned three times, so that readings of the resultant vectors are averaged out and users are not rejected accidentally (Ashbourn, 1994, p. 5/5).

Face Recognition

While fingerprinting and hand recognition require a part of the body to make contact with a scanning device, face recognition does not. It is for this very reason that facial recognition systems have been used widely for surveillance and monitoring applications (Figure 2). For example, they are able to scan faces in public places and compare them to watch list databases. Facial recognition usually refers to “…static, controlled full-frontal portrait recognition” (Hong & Jain, 1998, p. 1297). In fact, recognizing someone by their appearance is quite natural and something humans have done since time began (Sutherland, Rengham & Denyer, 1992, p. 29; Weng & Swets, 1999, p. 66; Howell, 1999, p. 225; and Sirohey, Wilson & Chellappa, 1995, pp. 705-740).

Identifying people by the way they look is not as simple as it might sound (Pentland, 2000, pp. 109-111). People change over time, either through the natural aging process or by changes in fashion (including hair cuts, facial hair, make-up, clothing and accessories) or other external conditions (Miller, 1994, p. 28). If humans have trouble recognizing each other in certain circumstances, one can only begin to imagine how much more the problem is magnified through a computer which possesses very little intelligence especially across a sizable population.

What may seem like an ordinarily simple algorithm is not; to a computer a picture of a human face is an image like any other that is later transformed into a map-like object. Paramount in facial biometrics is that the subject must be wholly within the image frame being investigated. This is especially tricky when looking at applications like crowd control where there are dense pockets of people and with variation in seating or stance. The camera’s location, field of view, and background setting need to be tested in extreme situations, to enable faces to be viewed and non-face images to be removed. In facial recognition systems, the segmentation phase is complex, removing background noise. This feature vector is compared against the discriminating power, the variance tolerance, and the data reduction efficiency. Shen and Khanna describe these variables (1997, p. 1422): “[t]he discriminating power is the degree of dissimilarity of the feature vectors representing a pair of different faces. The variance tolerance is the degree of similarity of the feature vectors representing different images of the same individual’s face. The data-reduction efficiency is the compactness of the representation.”

Engineers use one of three approaches to automate face recognition. These are eigen-face, elastic matching, and neural nets (IEEE, 1997, p. 1344). Once the face image has been captured, dependent on the environment, some pre-processing may take place. The image is first turned into grayscale and then normalized before being stored or tested. Then the major components are identified and matching against a template begins (Bigun et al., 1997, pp. 127f). A typical facial pattern can be stored in a template of between 86 Bytes and 100 Bytes. Facial recognition systems work best within controlled environments, and performance depends on this and other environmental factors.

Iris Recognition

The spatial patterns of the iris are highly distinctive. According to Williams (1997, p. 24) the possibility that two irises would be identical by random chance is approximately 1 in 1052. Each iris is unique (like the retina). Some have reckoned automated iris recognition as only second to fingerprints, while others claim that it is the most accurate biometric identifier available today (Daugman, 2006). According to Wildes (1997, p. 1349) these claims can be substantiated from clinical observations and developmental biology. While some manufacturers claim to be able to capture a digital iris image at even 10 meters, commercial systems have a focal distance typical not more than an arm-length away (e.g. ATMs based on iris recognition).

The iris is “a thin diaphragm stretching across the anterior portion of the eye and supported by the lens” (IEEE, 1997, p. 1344). While it was ophthalmologists who were awarded the patent of describing methods and patterns for iris recognition in 1987, it was an academic from Cambridge University who developed the fundamental algorithms to encode an iris pattern (Daugman, 2008). While still involved in academia, Daugman has commercialized most of his research.

The first step in the process of iris identification is to capture the image (Figure 3). This can be done using a normal digital camera with a resolution of 512 dpi (dots per inch). The user must be a predetermined distance from the camera (Jain, A. et al., 1999, p. 9). Second, the image must be cropped to contain only the localized iris, discarding any excess. Third, the iris pattern must be matched, either with the image stored on the candidate’s card or the candidate’s image stored in a database. Between the second and third step processing occurs to develop an iris feature vector. This feature vector is so rich that it contains more than 400 degrees of freedom, or measurable variables. Most algorithms only need to use half of these variables and searching an entire database can take only milliseconds with an incredible degree of accuracy (Williams, 1997, p. 23). Matching algorithms are applied to produce scale, shift, rotation and distance measurements to determine exact matches (Camus et al., 1998, pp. 254-255 and Daugman, 1999, pp. 103-121).

Since iris recognition systems are non-invasive/ non-contact, some extra protections have been invented to combat the instance that a still image is used to fool the system. For this reason, scientists have developed a method to monitor the constant oscillation of the diameter of the pupil, thus declaring a live specimen is being captured (Wildes, 1997, p. 1349). A transaction time of between 4 and 10 seconds is required for iris recognition, although most of that time is spent aligning the subject for the digital image capture.

Voice Recognition

The majority of research and development dollars for biometrics has gone into voice recognition systems, also known as voice verification systems. Due to its attractive characteristics, telecommunications manufacturers and operators in the 1990s like Nortel and AT&T, along with a number of universities allocated large amounts of funds to research in this domain. Since there are literally billions of telephones in operation globally, voice recognition can be used as a means to increase operator revenues and decrease costs (Miller, 1994, p. 30). Among one of the most well-known voice recognition implementations was Sprint’s Voice FONCARD which ran on the Texas Instruments voice verification engine (Boves and Os, 1998, pp. 203-208).

There are two main types of identification in voice recognition, unconstrained and constrained modes of speech. Unconstrained verification is when someone talks as normal, using a diverse lexicon familiar to them, and answering questions naturally without being prompted. This form of verification while still relatively successful is dependent on the application. Depending on the individual’s accent and proficiency in a given language, sometimes this kind of verification is plagued by errors. It can almost be likened to recording an interview on a digital recorder, and running the recorded speech through an automated recognition system- the results are often quite poor. Constrained verification achieves considerably lower errors rates. This is because constrained verification relies on predetermined single words or phrases, often prompted by the system. Australia’s Centrelink call centre is now for the greater part based on voice recognition. A question is posed to the caller and then an answer is captured by the system, and then replayed to callers for confirmation.

Out of all the variety of biometric technologies, consumers consider voice recognition as the most friendly. Markowitz (2001) wrote that “[d]espite the dot.com crash, 2001 [was] … a very good year for [speaker verification] vendors, with the number of pilots and actual deployments increasing”. The two major types of voice recognition systems are text-dependent and text-independent. The way voice recognition works is based on the extraction of a speech interval sample typically spanning 10 to 30 ms of the speech waveform. The sequence of feature vectors is then compared and pattern matched back into existing speaker models (Campbell, 1999, p. 166). While voice recognition is not the most secure technology, i.e. it is open to playback attacks, if used in concert with a PIN or smart card, false acceptance rates are strengthened significantly. For concise technical details on how voice recognition systems work see Orlans (2002, pp. 83-85).

System Accuracy

While biometric techniques are considered to be among the most secure and accurate automatic identification methods available today, they are by no means perfect systems. False accept rates (FAR) and false reject rates (FRR) for each type of biometric are measures that can be used to determine the applicability of a particular technique to a given application (Ruggles, 1996b). Some biometric techniques may also act to exclude persons with disabilities by their very nature, for instance in the case of fingerprint and hand recognition for those who do not possess fingers or hands. In the case of face recognition systems, one shortcoming is that humans can disguise themselves and gain the ability to assume a different identity (Jain, A. et al., 1999, p. 34). Other systems may be duped by false images or objects pertaining to be hands or iris images of the actual enrollee (Miller, 1994, p. 25). Carter and Nixon (1990, p. 8/4) call this act forgery. Putte (2001) discusses the challenge for a fingerprint scanner to recognize the difference between the epidermis of the finger and dummy material (like silicone rubber) (BBC, 2002).

In the case of the ultimate unique code, DNA, identical twins are excluded because they share an identical pattern (Jain, A. et al., 1999, p. 11). Even voice recognition systems are error-prone. Some problems that Campbell (1997, p. 1438) identifies include: “misspoken or misread prompted phrases, extreme emotional states, time varying microphone placement, poor or inconsistent room acoustics, channel mismatch, sickness, aging.” Another issue with voice recognition systems is languages. Some countries like Canada have populations that speak several languages, i.e., English and French. Finally the environment in which biometric recognition systems can work must be controlled to a certain degree to ensure low rates of FAR and FRR. To overcome some of these shortcomings in highly critical applications, multimodal biometric systems have been suggested. Multimodal systems use more than one biometric to increase fault tolerance, reduce uncertainty and reduce noise (Hong & Jain, 1999, pp. 327-344). Automated biometric checking systems have acted to dramatically change the face of automatic identification. It is believed that in the future, esoteric biometric systems, including things like brain wave patterns, will prevail. It is possible that the driver’s license of the future may not only be able to identify a driver using traditional physiological biometric, but also detect if someone should be driving or otherwise under the influence of alcohol or drugs using esoteric biometrics (Woodward, Orlans & Gatune, pp. 135-136).

THE BIOMETRIC INNOVATION SYSTEM

An Emerging Technology

At the turn of the 21st century, the biometrics industry was considered “young” and “emerging” (Kroeker, 2000, p. 57; Tilton, 2000, p. 130; A. Jain, 2004). Today, propelled forward by changes to traditional travel documents due to a turbulent global environment, biometrics are rapidly being deployed worldwide. As Burnell (1998, p. 2) accurately stated, “[f]our years ago, if you talked about a biometric, it was new to just about everybody… That’s just not the case anymore. Resellers are seeing the benefits of biometrics for certain applications”. In 2001, the biometrics industry was made up of about 150 separate hardware and software vendors (Liu & Silverman, 2001, p. 30). The number has oscillated in the last few years, as some biometrics hardware vendors have converged and new software-related vendors have emerged. Estimates in 1990 (Parks, p. 98) indicated that there were over one hundred firms, institutions and government agencies that had substantial activity in the area of Automatic Personal Identification (API). Biometrics companies are usually small in size when compared to the rest of the computer industry. For this reason they are dependent on resellers and systems integrators to get their product to market (Burnell, 1998, p. 2).

Given the nature of the technology it can be a difficult task finding the right integrators in the right place at the right time to implement a particular type of solution. While integrators and support technology providers play an important role in biometric implementation, the actual service provider is equally responsible for the longer-term operational success of the application (M2SYS, 2008). Realizing this, the Department of Social Services in Connecticut made extensive use of cross divisional workgroup teams to ensure a buy-in of the new process by DSS staff first. The work group teams focused primarily on process integration (Connecticut Dept., 1998, p. 1).

A fair degree of customizability and niche expertise is required in biometric applications- it is not a case of one size fits all. For example, an integrator specializing in fingerprint recognition systems usually does not have the same level of competency to do a voice recognition implementation. Thus, each new customer contract is not only an opportunity to gain more revenue but also exposure to a different set of problems that will equip all the stakeholders with valuable tacit insights for the longer-term.

Over the last ten years, integrated solutions for biometrics have seen the formation of a number of alliances that have led to a greater acceptability of the auto-ID technique. For instance, in 1999, biometrics provider Sensar had seven high profile partners including: Citibank, OKI, Siemens Nixdorf, Fujitsu, NCR, LG Electronics and WANG Global (Sensar, 1999). In most cases the hardware suppliers are teaming with software companies, while some other companies have enjoyed such synergy within an alliance that they have sought to form completely new companies together. Investors have generally been wary of sponsoring technologies like biometrics that have not proved completely roadworthy in certain situations; and in these instances “banks [especially] tend to err on the side of caution” (Jacobs, 1998, p. 1). Even government departments are said to stay away from bleeding edge technology that are not on the evaluated list of products (EPL). They need to undergo thorough testing before they are adopted (Withers, 2002, p. 78).

In recent times however, the major computing, networking, security and Original Equipment Manufacturers (OEM) have begun to play a more visible role in the support and development of biometric technology as they have seen its potential bolster, particularly through government adoption for mass market applications. An example of an OEM agreement in smart card is between Australian company Intellect and NCR. Some of Intellect’s smart card system components are NCR-badged (Bell, 1997, p. 37). The NCR brand name is more well-known than that of Intellect and NCR like to promote a uniform brand image to their customers so it looks like they can provide an end-to-end smart card solution. As end-to-end solution providers start to surface and the infrastructure to support biometrics is put in place the technology will inevitably stabilize.

From Proprietary to Open Standards

The Increasing Need for Interoperability

One problem that so many small players in biometrics causes is in the fragmented and non-standard manner in which vendors develop their products, in isolation from one another. For instance, Vendor A may have developed a robust biometric technology that solves a particular part of an overall solution, and Vendor B may have a supplementary piece of technology, but the two products from each vendor cannot be integrated for a particular solution without some expensive and arduous programming. As has often been stated, “[t]his makes it difficult to link biometric technologies from different vendors, freely substitute biometric technologies, or use a single technology across multiple applications” (Lawton, 1998, p. 18). This has deterred customers from choosing biometric solutions and in the opinion of many players has held back the industry.

Like most new technologies, biometrics companies have been slow to embrace a set of standards. “The existence of a single industry standard will settle the confusion caused by competing specifications and hasten the adoption of biometric technology for a wide range of commercial applications” (Tilton, 2000, p. 132). Standards play a strategic role in deregulating the industry and making it a more competitive field, granting customers a greater variety of choice. Lazar (1997, p. 3) believes that biometric technology is not different to any other new technology. Initially, there are few standards and most systems are proprietary contributing to a lack of standard infrastructure for storing and transferring data captured. The important features organizations seeking to adopt biometric technology should look for are outlined by Liu and Silverman (2001, p. 32). These include: “the biometric’s stability, including maturity of the technology, degree of standardization, level of vendor and government support, market share, and other support factors. Mature and standardized technologies usually have stronger stability.”

The Development of Standards for Law Enforcement

Traditionally biometric technology was used for government and law enforcement applications where a high degree of custom integration was required. Manual standards for instance existed since the 1920s when the FBI (Federal Bureau of Investigation) in the U.S. started processing fingerprint cards. These standards ensured completeness, quality and permanency. In the 1980s another standard was devised to herald in the new live-scan fingerprint devices; the Minimum Image Quality Requirements (MIQR) was born. Eventually the FBI allowed virtual fingerprint cards to be submitted electronically and a new set of standards had to be introduced including “comprehensive guidelines on the required message formats and image quality standards” (Higgins, 1995, p. 2). Finally the FBI transitioned to the Integrated Automated Identification System (IAFIS). Higgins observed that many of the existing standards had corollaries in the electronic world- they did not just disappear, but were carried over. For example, ANSI/NIST-CSL 1-1993 describes the record types associated with digital fingerprint transmission. Today what is needed is off-the-shelf type biometrics for rapid deployment and this is currently what is being evolved.

BioAPI

With so many small companies, and so many different types of biometric techniques and components one can only imagine the number of proprietary interfaces, algorithms and data structures that were introduced by the biometrics community. As the small industry began to grow, vendors started to offer software development kits (SDKs) with proprietary APIs. While this was a step in the right direction the standards were still proprietary. According to Burnell (p. 1) 1998 was a defining stage in biometrics history as suppliers began to reach out to the wider computing community. Several specifications were published by ANSI, the International Computer Security Association (ICSA) certified biometrics products for the first time, and AIM USA began undertaking biometrics efforts along with the formation of the International Biometrics Industry Association (IBIA). The standards issue gathered momentum as large players like the Microsoft Corporation saw the technology’s potential and the BioAPI Consortium was born.

The creation of a standard application programming interface (API) was championed by the Consortium. “BioAPI is an open-systems standard developed by a consortium of more than 60 vendors and government agencies. Written in C, it consists of a set of function calls to perform basic actions common to all biometric technologies, such as enroll user, verify asserted identity (authentication), and discover identity” (Liu & Silverman, 2001, p. 30). The importance of the BioAPI standard is highlighted in Dunstone (2001, pp. 351-354). BioAPI is based on an architecture model which contains two to four layers, depending on the design. The highest level contains the fundamental biometric functions. The lowest level is where the control of interfaces with devices occurs (Tilton, 2000, p. 131). An example of a draft level standard is the Biometric Exchange File Format which defines how to store and exchange data from a variety of biometric devices (Liu & Silverman, 2001, p. 30). Subsequent to the fine work of the BioAPI Consortium has been that of the Information Technology Laboratory (ITL).

After the tragic events of the September 11th attacks, biometric standards activities were accelerated in response to newly formed U.S. security legislation. ITL spearheaded this development in collaboration with Federal Agencies, end-users, biometric vendors and the IT industry at large. In 2003, the standards activities were extensive and gaining a great deal of attention. Some of these standards activities included the INCITS M1-Biometrics Technical Committee, Common Biometric Exchange File Format, ANSI INCITS 358-2002 Information Technology- BioAPI Specification (Version 1.1), Human Recognition Services Module (HRS) of the Open Group’s Common Data Security Architecture, ASNI X9.84-2000 Biometrics Management and Security for the Financial Services Industry, ANSI/NIST-ITL 1-2000 Fingerprint Standard Revision, AAMVA Fingerprint Minutiae Format/National Standards for the Driver License/Identification Card DL/ID-2000, Part 11 of the ISO/IEC 7816 standards, and NIST Biometric Interoperability Performance and Assurance Working Group (NIST, 2002; INCTIS, 2002).

Formal ISO Standards

It is without a doubt that the BioAPI Consortium activities placed pressure on the International Standards Organization (ISO) to develop “formalized” biometric standards to assist with the proliferation of biometric applications worldwide (Stapleton, 2003). Without a common language, the implementation of automated recognition systems would have been severely inhibited. In 2002, Subcommittee 2 of the ISO Technical Committee 68 (TC68/SC2) was tasked with developing standards directly related to the security management and general banking operations audience in the financial industry. At that time ISO also established a Joint Technical Committee (JTC) with the International Electrotechnical Commission (IEC) to address information technology standards relevant to biometric technology. Since that time, a great deal of change has occurred and a number of new standards have emerged (ISO, 2008). Some of these include:

Of particular interest is the more recent activity in 2007/08 in the formation and further enhancement of standards to meet a need in the industry at large, not to mention changes to legislation especially in the United States.

Consortiums and Associations

Apart from the BioAPI Consortium, a number of other working groups have formed to support biometric technology. These consortiums differ somewhat from the smart card consortiums. They have been established for the purpose of instilling stakeholder confidence in the technology and to bring together key representatives who have a common interest. Among the list of consortiums and associations active at the turn of the century, was the European Biometrics Forum (EBF), International Biometric Association (IBIA), the Commercial Biometrics Developer’s Consortium (CBDC), the Biometric Testing Services (BIOTEST), the Association for Biometrics (AfB), the Financial Services Technology Consortium, the International Association for Identification (IAI), and the National Centre for Identification Technology. It is standard practice for government tenders to be channeled through consortia. The tender responses are usually championed by integrators such as TRW, Unisys, Siemens, IBM and include traditional biometrics manufacturers like Motorola, NEC, Sagem and Cogent, and card manufacturers like Gemalto (Didier, 2004).

The EBF (2008) is one of the more active forums in Europe and has the aim of “addressing barriers to adoption and fragmentation in the marketplace. The forum also acts as the driving force for coordination, support and strengthening of the national bodies.” IBIA which is based in the United States, mainly “focuses on educating lawmakers and regulators about how biometrics can deter identity theft and increase personal security” (Kroeker, 2000, p. 57). The IBIA has established a strong code of ethics for members to follow. BIOTEST is a European project aimed at developing standard metrics for measuring/comparing the performance of biometric devices. The AfB want to be considered an international authority on biometrics. Whereas “…other industry organizations are mainly designed for biometric industry companies, the AfB’s membership will continue to be a broad church comprising biometric suppliers, end users, government agencies, academics and consultants” (Lockie, 2001).

The Biometric Consortium

Perhaps the most influential of them all however is the Biometric Consortium (Alyea & Campbell, 1996). The Biometric Consortium can be likened to the Smart Card Forum in aim and purpose, except that it is working on behalf of the U.S. Government and represented by officials from six executive government departments and each of the military services. Lawton (1998, p. 18) makes an interesting observation about biometric technologies, stating that “[s]ecurity technologies start with the government, and work their way down to industrial and then finally to personal applications” (Lawton, 1998, p. 18). The Biometric Consortium was established in 1992 (its charter formally approved in 1995) and meets to promote biometrics, create standards and relevant protocols, provide a forum for information exchange between stakeholders, to encourage government and commercial interaction, to run workshops linking academia and private industry and address ethical issues surrounding the technology among other things (Alyea & Campbell, 1996, p. 2). By establishing one central body for the research, development, testing and evaluation of biometrics, the National Security Agency (NSA) formed the Consortium as part of its Information Systems Security mission and invested personnel resources and funds to provide support to the Consortium. The NSA considered biometrics to have excellent potential for DOD (Department of Defense) applications and other Federal agencies and wanted the independent technical capability to make decisions for government needs.

The U.S. government became especially interested in biometrics in the 1970s. They commissioned the Scandia Labs to compare various biometric identifiers. The report concluded that this technique was more accurate than the others. So influential were the findings of the government-commissioned report, that “[t]he impact of the study was to shift focus on fingerprint technology. Because of this early emphasis on fingerprint technology, the years since 1970 have produced a large body of research and development in fingerprint identification algorithms and integrated systems” (Ruggles, 1996a, p. 8). Thus it is not surprising that the U.S. government, more than twenty years later, invested time and money into the establishment of the Biometrics Consortium. The Consortium however, is also concerned with the exchange of information between the government, private industry and academia. For now, it serves as the U.S. government’s testing ground for the future of biometrics in public administration.

Government and Industry Links with Academia

Biometrics research centers have sprouted up all over the globe (BC, 2009). This is one technology where there is a lot of scope for government and industry linkages with academia for the development of potential biometric applications. In 2001, for instance, DOD became a member of the Centre for Identification Technology Research (CITeR) at West Virginia University (WVU). WVU has one of the world’s leading forensics degree programs (CITeR, 2008). CITeR was developed in collaboration with Marshall University, Michigan State University and San Jose State University to serve as one of the first academic biometric centers. The latter was awarded a 400,000 U.S. dollar contract in 1995 to “study and develop standards for biometric identifiers for use with commercial truck drivers’ licenses” (Woodward, 1997, p. 1482). Research on biometrics at San Jose University began in 1994.

In 1997 the Biometric Consortium established the National Biometric Test Centre at the university. San Jose is also the only university to participate as a member in the Biometric Consortium. In Asia, the Hong Kong Polytechnic University has some impressive ties with industry and other academic institutions including the National Tsing Hua University in Taiwan, University of Sinica and University of South Florida. The Lab in Hong Kong specializes in transferring multiple biometric technologies to industry and is currently exploring integrated biometric solutions. It is continually building up its knowledge base as it sees local opportunities for biometrics arising. Other universities involved in biometric research include: MIT Lincoln Labs, Purdue University, Nagoya University (Japan) and Rutgers University. Some of the European universities researching biometrics include: the University of Bologna (Biometric Systems Laboratory in Italy), the University of Neuchatel (Pattern Recognition Group- IMT in Switzerland), and the University of Cambridge (Speech Vision and Robotics Group).

Legislation and New Technologies

Laws almost always lag behind new innovations. In the case of biometrics, this is not any different (Walden, 2000, pp. 2/1-2/11). Kralingen, Prins and Grijpink (1997, p. 2) believe that “[w]hen a new technology is introduced, its applicability and the adequacy of existing laws needs to be examined.” Yet opinions are divided whether present laws are sufficient to handle privacy issues or new protections for privacy need to be introduced specifically for biometrics (van der Ploeg, 2003). Woodward (2002b, pp. 220-231) discusses the right to privacy with respect to biometrics using three paradigms referencing the work of Robert Ellis Smith, editor of the Privacy Journal: physical privacy, decisional privacy and informational privacy. Physical privacy has to do with freedom from contact with others including those who are tasked with monitoring. Decisional privacy is the freedom of the individual to make choices, such as whether they may opt-in or opt-out of a service, without coercion or pressure by the government. And informational privacy is the right of the individual to limit information about him or herself. For information privacy as related to the law, the works of Solove should be studied extensively (Solove, 2004, 2008a, 2008b; Solove, Rotenberg & Schwartz, 2005, 2006).

Biometric Laws, Regulations or Codes of Conduct?

Despite their increasing deployment due to the falling cost of biometrics and government policy, for courts the technology is still new- there is no law governing biometrics in the United States.Woodward (1997, p. 1487) argues that “[w]e do not need a new “Law of Biometrics” paradigm; the old bottles will hold the new wine of biometrics quite well.” The best service providers can do is to develop their own Code of Fair Information Practice (CFIP) to gain the confidence of the consumer, even if these are not enforceable by law (Woodward, 1997, p. 1484). It follows from this that there is a growing need for policy makers to understand biometric technology and how unique human features stored digitally can be misused.

In Australia, the Biometrics Institute (2006) introduced a Privacy Code which was approved by the Privacy Commissioner in 2006 as related to Section 18BB(2) of the Privacy Act 1988 (Cth). According to the Biometrics Institute, the Privacy Code sought to build on Australia’s national privacy principles (NPPs) in “a manner that provides the community with the assurance needed to encourage informed and voluntary participation in biometrics programs. Biometrics Institute members understand that only by adopting and promoting ethical practices, openness and transparency can these technologies gain widespread acceptance.” As is the case with all “codes” the level of enforceability is questionable. Yes, members promise to adopt ethical practices, but generally the stakeholders developing the technology are not the ones who are tasked with ensuring the end-user’s private information remains private in the long term. Still, at least the Australian Government has attempted to address the matter rather than ignoring it altogether (DCITA, 2004).

Government Biometric Applications and Legislation

Kralingen, Prins and Grijpink (1997, p. 1) prefer the proactive approach rather than “simply waiting until problems arise and then think[ing] up an ad hoc legal solution” later. By the time a new innovation is introduced and adopted by the mass market, some analysis of the legal implications of those applications can be conducted. At the present, the reverse can be said to be taking place, as governments especially, throughout the world implement citizen mass market biometric applications for voting and social security welfare without a great deal of public discourse. In 1998 Mexico and Brazil followed several other countries when its national parliaments officially decided to use biometric technology to secure the voting process (Bunney, 1998, pp. 2-3). This is not to say that governments are ignoring legislative impacts of the technologies they are using to facilitate citizen services. Rather, it seems that government choices in technology are driving legislation in some states to enable the deployment to be fast-tracked. Wayman (2000, p. 76) supports this argument: “[e]ncouraged or mandated by federal legislation, governmental agencies at all levels have turned to technology in an attempt to meet… requirements.”

One of the most contentious issues in biometrics today is whether enrolment in particular applications is obligatory as opposed to voluntary. Wayman’s (2000, pp. 76-80) study on federal biometric technology legislation covers drivers licensing, immigration, employment eligibility, welfare and airport security and uncovers some interesting findings. The former has statutory implications (Kralingen, Prins and Grijpink, 1997, p. 2) because a biometric can be considered a type of personal data, owned by the individual. Perhaps the fundamental question is whether or not a government requirement to record a particular biometric is in breach of a citizen’s legitimate right to privacy. However, what court cases in the U.S. have consistently ruled on, is that certain biometrics do not violate federal laws like the Fourth Amendment.

O’Connor (1998, p. 9) determined that the “…real test for constitutionality of biometrics… appears to be based on the degree of physical intrusiveness of the biometric procedure. Those that do not break the skin are probably not searches, while those that do are”. Incidentally, O’Connor’s legal consideration is not in contradiction with a critical theological interpretation of the “mark” of the beast (Revelation 13:17). In the original Koine Greek (New Testament), the “mark” is described as a charagma, which literally means an incision into the skin, not just a mere surface mark such as a tattoo (M.G. Michael, 1998, p. 278, ft. 3). Yet, even scars and tattoos are being collected by the Federal Bureau of Investigation (FBI) so that several pieces of biometric information can be used to positively identify a suspect (Arena & Cratty, 2008).

In purely rational terms it is also a difficult case to argue against a technology that could save governments (and subsequently taxpayers) millions of dollars in areas like Social Security by reducing fraud. For example, in the U.S. changes to Regulation E in 1994 granted citizens, limited liability to EBT (Electronic Benefits Transfer) at the federal, state and local government level. “The Government Office of Accounting (GAO) projected fraud losses as a result of the Regulation E amendment, in the vicinity of 164 million and 986 million dollars” (Fuller et al., 1995, p. 8). In another example in the U.K. the National Audit Office (NAO) reported that one in ten welfare claims are fraudulent. In 1995 NAO estimated that 561,000 people made fraudulent Social Security claims at a cost to the government of 1.4 billion U.K. pounds (SJB ed., 1996a, p. 1). The fear is however, that biometrics gathered for one purpose could be submitted as admissible proof, in a court of law, for a completely different purpose. Among the most versatile biometrics used to show criminal activity are fingerprints and DNA (Brinton & Lieberman, 1994).

The Terrorism Threat

O’Connor (1998) has suggested that guidelines be set-up for biometric records such as in the case where an arrest does not lead to a conviction. Consider the national DNA database established by the FBI (Herald Tribune, 1998, p. 7) and its subsequent implications. The database is similar to that launched in the U.K. in 1995 that has matched 28,000 people to crime scenes and made 6,000 links between crime scenes. The debate over access to biometrics has taken on another perspective since the recent terrorist attacks on the U.S. World Trade Centre in 2001 and the Bali bombing in 2002. As a result of the September 11th attacks, the U.S. moved quickly to create several Public Laws. Relevant to biometrics are Public L No 107-56 (US Government, 2001), 107-71 and 107-173 (USA Government, 2002). Public L No 107-65 describes the appropriate tools required to intercept and obstruct terrorism, Public L No 107-71 focuses on introducing emerging technologies like biometrics for airport security for personnel, and Public L No 107-173 is about enhanced border security and visa entry reforms (NIST, 2002; Snyderwine & Murray, 1999).

O’Connor (1998, p. 9) prophetically stated years before the events of September 11th, that “[t]he government [would] still be able to show compelling state interests in combating terrorism, defending national security, or reducing benefits fraud sufficient to preserve the program’s constitutionality.” In these extreme circumstances (i.e. terrorism attacks) the case for mandatory biometric identification seems a great deal stronger. When comparing the mandatory recording of a biometric feature against the innocent loss of lives in a terrorist attack, biometrics as a human rights violation diminishes in importance. However, “[w]hile some people have revised their opinions about the invasiveness of various biometric techniques in light of the September 11th tragedy, the privacy debate continues throughout the US. If this hurdle is to be overcome, accurate information and education will still be required” (Watson, 2001). Having said that, government applications that use biometrics should be considered carefully (O’Neil, 2005).

A current case (S. AND MARPER v. THE UNITED KINGDOM) which was fought out in the European Court of Human Rights unanimously ruled that the storage of fingerprints and DNA in Britain of all criminal suspects, even individuals who turned out to be innocent, was a violation of the human right to privacy (European Court of Human Rights, 2008). More than any other in modern times, this court case has shown the conflict between technological progress and jurisdictional and societal issues pertaining to biometrics (Freeman, 2003; Lyall, 2008). While the outcome of this court case has far-reaching implications in Britain and more broadly in the European Union, it remains to be seen what kind of power the ruling has in non-member states internationally. Will the government of the United States, for instance, ever consider ceasing to collect fingerprint records of all aliens traveling to its shores? We will not be able to go back to an era of purely paper-based documentation without microchips in passports and the like. Layers of infrastructure built-up are almost impossible to tear down.

Kralingen, Prins and Grijpink (1997, p. 3) stipulate that the government has a role to play in ensuring that an adequate framework is in place for a given context, that special attention be placed on user acceptance, and the quality of critical social processes is to be guaranteed. The legislative process to get a bill through parliament can take a long time. In the case of the Connecticut DSS (Department of Social Security) it took three years for welfare recipients (those on general assistance (GA) and Aid to Families with Dependent Children (ADFC)) to be digitally fingerprinted. Jeanne Garvey who worked on the legislation said the process was unexpectedly difficult. She is quoted as saying “I didn’t know the process or the key people, but I know one thing- if you want to get something done you go to the top” (Storms, 1998, p. 2). The article by Storms on Garvey shows the complexity of human relationships in these types of projects. One is left to ponder on whether Garvey’s endeavor to reduce DSS fraud turns out to be a self-seeking journey to topple her opponents. Garvey says: “[i]f you want something badly enough, you have to be in people’s faces a little bit harder”. Perhaps however, it is not about wanting something badly enough, it is about doing the right thing by citizens, since as a senator you are acting on behalf of your constituents. Garvey continues: “I had to baby-sit this thing like a hawk… the thing I learned through this whole experience was never, never, never give up… these are once-in-a-lifetime type things” (Storms, 1998, pp. 3-4).

Biometrics and Privacy: Friend or Foe?

There are two schools of thought when it comes to biometrics: either these devices are privacy safeguards or they are privacy’s foe (Woodcock, 2005). Woodward (1997, pp. 1485-1489) explains the notion of “privacy foe” and “privacy friend” in his landmark paper on biometrics and elaborates further in a book chapter (2002a, pp. 197-215). Woodward summarizes the case of biometrics being privacy’s foe by discussing the loss of anonymity and autonomy, the “Big Brother” scenario, function creep and the degradation of the individual’s right to privacy. Of “privacy’s friend” Woodward discusses biometrics with respect to safeguarding identity and integrity, limiting access to private information, serving as a privacy enhancing technology, as well as providing benefits of convenience.

Dunstone (2001) describes the opposing thoughts in another way, those users who believe that there is no downside to privacy by using biometric technology and those who would only use biometrics in extremely limited circumstances (if at all). He writes: “[b]oth sides have salient points to back up their views. However there is significant middle ground which deals with the responsible and pragmatic use of biometrics”. The positions have been summarized by Clarke (1994):

“1) biometrics do help to protect an individual’s right to privacy because identification is ensured and access to information is limited;

2) biometrics is “a threat to civil liberties, because it represents the basis for a ubiquitous identification scheme, and such a scheme provides enormous power over the populace” (Clarke, 1994).

For Clarke and others like him, any high-integrity identifier such as biometrics represents a threat to civil liberties, potentially providing the State with enormous power over the populace.

Citizen Fears

Those who belong to privacy’s foe hold numerous fears about biometrics and related technologies (Computing, 1999; Moskowitz, 1999, p. 85). McMurchie (1999, p. 11) writes of the risks associated with biometrics. First, some users do not like the idea that they must give up a biometric identifier which is unique. Second, some people believe that an underground market will form around biometric data. Third, people believe that before too long, biometric data may be used for law-enforcement purposes. Fourth, some biometric data may be linked to centralized databases containing medical history (Woodward, 1997, p. 1484). Fifth, data gathered for one purpose may be used for another depending on who has power over it. This is the very real possibility of function creep. Davies is adamant, “[w]e would go for outright prohibition on the transfer of biometric data for anybody, for any purpose. If I give my biometric data for a specific purpose then it is locked-in, for all time, for that purpose. I cannot give my consent for its transfer and no one can force, or request for access to that information” (Roethenbaugh, 1998, p. 2). The U.S. social security number (SSN) introduced in 1936 is an excellent example of function creep (Hibbert, 1996, p. 686). It ended up being used by the banking sector, among numerous other uses. “The risks to privacy therefore do not lie in data by themselves, but in the way in which they are concatenated- or, more, generally, ‘processed’ or ‘handled’- for some specific purpose” (Sieghart, 1982, p. 103).

Sixth, biometrics technology discriminates some persons with disabilities. Jim Wayman, head of the National Biometrics Test Centre at San Jose State University, says that biometric systems are not perfect. He notes that 2% to 3% of the population cannot use them at any given time: “[e]ither they don’t have the (body) part or the part doesn’t look and work like everyone else’s, or something is just off” (Weise, 1998, p. 2). It is to this end that widespread consumer acceptance of the technology has been hampered. Service providers are aware of people’s privacy concerns and are conducting trials before implementing fully operational biometric systems to gauge the amount of end-user resistance. For example, when Nationwide considered using iris identification, a spokesman said: “[i]t’s a very unknown area, and we want to see what the reaction is like and whether or not it is commercially viable” (Craig, 1997, p. 3). What trials have discovered is that in general, “[t]he less intrusive the biometric, the more readily it is accepted” (Liu & Silverman, 2001, p. 32).

Government Tracking Citizens without Individual’s Consent

Agre (2001) argues that “[f]ace recognition systems in public places… are a matter for serious concern. The issue came to broad public attention when it emerged that fans attending the 2001 Super Bowl had unknowingly been matched against a database of alleged criminals…” In his case study on this event, Woodward (2001, p. 7) writes of the potential for “super surveillance” and refers to the ability of a tracker (in this case authorities) to follow a person and monitor their individual actions in real time or over a period of time. Agre’s concerns about facial recognition are similarly voiced by Rosenweig (2000).

In Hong Kong, Mathewson (1998) reported how hair testing helped detect drugs in school students. In this case, if a sample of hair was retained for DNA records it would be unethical. Increasingly, civil-libertarians are rejecting the implementation of any biometric technology: “Imagine an America in which every citizen is required to carry a biometrically-encoded identification card as a precondition for conducting business. Imagine having your retina scanned every time you need to prove your identification. Imagine carrying a card containing your entire medical, academic, social, and financial history. Now, imagine that bureaucrats, police officers, and social workers have access under certain circumstances to the information on your card. Finally, imagine an America in which it is illegal to seek any employment without approval from the United States government” (Williams, 1996, p. 1). Woodward (1997, pp. 1489-1490) differentiates between the notion of biometric centralization versus balkanization.

According to Wayman (2000, p. 76), the privacy fear is very much related to how governments could use biometric records in the future to track individuals in real-time. Wayman states that those people who propose, design and implement biometric solutions for government applications are sympathetic to citizen concerns about potential breaches in privacy. This is likely to be true but as vigilant as the technology providers may be there are defining limits to the number of hours and the number of resources any one company can dedicate to a project. In a perfect world, a perfect biometric solution could operate without any qualms but the world we live in is not perfect, and no one can categorically state that a system is foolproof even if the teams working on the solutions do their very best. Dale (2001) writes that privacy concerns are an issue for biometrics used, especially those for the purposes of law enforcement. The challenge is in the sharing of sensitive data between the relevant agencies. In an interview Davies states: “[w]e can conceivably end up with a multiple purpose national/international system from which people can’t escape” (Roethenbaugh, 1998, p. 2).

Perhaps the most controversial of all biometrics is DNA and its potential future applications. According to the Privacy Committee of Canada (1992, pp. 16-25), current and potential uses of genetic testing (i.e. acquiring a DNA sample) include: workplace testing, screening associated with human reproduction, screening as part of basic medical care, genetic screening to determine the right of access to services or benefits, forensic DNA analysis in criminal investigations and testing for research. For example: “[e]mployers (both public and private sector) may wish to identify “defective” (less productive) or potentially defective employees or applicants through genetic screening” (p. 16); and “Governments may one day wish to test persons to see if they are genetically suited to have access to certain services (advanced schooling, immigration or adoption)… or benefits (disability payments)” (p. 20). While the Privacy Committee of Canada offer a number of recommendations, one can only begin to ponder on the potential privacy issues linked with such widespread use of DNA. An incorrect record entry could affect an individual’s life indefinitely. An opposing argument however could lay claim that neglecting to use DNA evidence in a court of law may mean that innocent persons are not exonerated for crimes they have not committed.

End-User Resistance

Biometrics has also differed to any other auto-ID device before it, in terms of its level of invasiveness.According to the Sandia report, retinal scan had the most negative client reaction when compared to other biometric techniques. The “users have… concerns about retina identification, which involves shining an infrared beam through the pupil of the eye” (Ruggles, 1996a, p. 7). Lazar (1997, p. 4) has noted that “[f]ears of ‘Big Brother’- combined with intrusive measuring devices such as bright lights and ink pads- have had even technophiles dragging their feet on occasion. As the systems have become less intrusive however, user resistance has dwindled, but the suspicion is still there, vendors said, and agencies should not underestimate the importance of a user feeling comfortable with a technology.” According to Gunnerson (1999) people were used to remembering PINs and carrying cards but they were definitely not used to using body parts to grant them access to funds etc.

Biometrics has forced an ideological and cultural shift to take place (Ng-Kruelle, Swatman, Hampe, & Rebne, 2006, p. 16). The human body almost becomes an extension of the machine for that one moment that the physical trait is being verified or authenticated (Solove, 2004). The body becomes analogous to a token, i.e., something we have but at the same time, it is something we are.Davies (1996, pp. 236-239) describes something similar to this in his book on the section entitled the Future of Fusion. This is what could be considered intimate human-computer interaction (HCI). And biometrics designers have had to pay attention to consumer requirements when building biometric systems to minimize resistance. For example, the stigma that biometrics is for law enforcement has some users opposed to being fingerprinted even for physical access control applications (Lazar, 1997, p. 2). When biometrics for social security services was first proposed in the state of Connecticut to say it was controversial “…would be an understatement… Public perception and the association of fingerprinting with the criminal element was pervasive” (Connecticut Dept., 1998, p. 1). But this in itself did not stop its implementation (Heckle, Patrick, Ozok, 2007).

The Right to Opt Out of Any System for Any Personal Reason

While designers can respond to making biometric systems more user friendly, they really cannot cater for the needs of those people who hold religious beliefs about how biometric technology may lead to the fulfillment of prophecy, particularly in the widely quoted Book of Revelation (Michael, 1999). Short of calling this group of people fundamentalists, as Woodward (1997, p. 1488) does of one prominent leader, Davies is more circumspect in his appraisals: “I think they’re legitimate [claims]. People have always rejected certain information practices for a variety of reasons: personal, cultural, ethical, religious and legal. And I think it has to be said that if a person feels bad for whatever reason, about the use of a body part then that’s entirely legitimate and has to be respected” (Roethenbaugh, 1998, p. 3).

Dunstone (2001), the executive director at the Biometrics Institute also adds “[p]ublic concerns over biometric use should be taken seriously. It is particularly important that these issues are openly recognized as valid, both by the biometric vendors and by system implementers, if they are to reduce the risk of adverse public sentiment, particularly for those systems that are intended for wide scale deployment.” Opponents to the DSS Connecticut fingerprint imaging scheme for instance, mostly argued that fingerprinting was invasive and dehumanizing. These opponents cannot be considered fundamentalists just because they do not agree with the State. The naive response of the DSS was to “narrow [public] perception” by making the states chief executive the first to be fingerprinted (Connecticut Dept., 1998, p. 2). Of course, if it was that easy to change public perception, it would be equally easy to change people with all sorts of cultural, religious and philosophical objections against biometrics. This kind of intolerance to diverse attitudes however is dangerous. The Australian Federal Privacy Commissioner and the president of the Australian Council of Liberties have expressed concerns over privacy implications for an Australian passport based on face recognition. The response has been “whether we like it or not, it’s going to happen” (Withers, 2002, p. 79).

Towards Multi-modal Biometrics

One of the least discussed topics in biometrics which is related to privacy is ethics. Davies stated in 1998 that “[t]he biometrics industry need[ed] to develop an ethical backbone” (Roethenbaugh, 1998, p. 3). This was with specific reference to the targeted use of biometric technology on minority groups such as prisoners, uniformed personnel and the military. Davies is quoted as saying: “I’ve heard it said that captive groups are a good target market and that the biometrics industry can work outwards from there… The idea of target captive populations is offensive and sneaky” (Roethenbaugh, 1998, p. 3). In the same token, multimodal biometrics present more ethical dilemmas. “Sandia envisage multiple biometrics being used for ultra-secure physical access control applications in the future. They are working on a system that simultaneously applies facial, voice and hand geometry checks” (SJB ed., 1996, p. 1).

The legitimacy of one or two biometrics being used for a variety of applications may be warranted but the use of numerous biometrics could be considered somewhat intrusive and dangerous.Multimodal biometrics may be convenient but there still seems to be a fair degree of privacy issues that have not been considered. It is regularly expressed that “[c]ivil libertarians worry that we’re moving toward a world where our privacy is the price of convenience” (Weise, 1998, p. 1). However, multimodal biometrics vendors pronounce that several modalities “…achieves much greater accuracy than single-feature systems” (Frischholz & Dieckmann, 2000, p. 64). In the final analysis, “[d]espite 20 years of predictions that biometrics devices will become the next big thing, proliferation has been slow because of technical, economic, human-factor, legal, ethical, and sociological considerations” (San Jose, 2002, p. 1). Before the announcement by U.S. President George W. Bush, that the U.S. government was going to utilize advanced technologies for administrative purposes, biometrics deployments seemed to be only steadily increasing. It was during the Bush administration’s reign that the future of biometrics was solidified forever (Bain, 2008).

BIOMETRIC APPLICATIONS

Overview

First-mover Biometric Deployments for Government Applications

At the turn of the century, Unisys was just one of about twenty well-known companies that promoted biometric technology to be used with respect to the following applications: social services, driver’s licensing, voter registration, inmate verification, national identity, immigration control, patient verification and banking (Figure 4). In 2003, several U.S. states had biometric identification programs already for the distribution of social welfare including in Arizona, California, Connecticut, Illinois, Massachusetts, New York, New Jersey and Texas. Today that number is closer to about thirty U.S. states and many more with plans to implement biometrics in the future (Motorola, 2005).

Prior to the September 11 attacks, very few U.S. airports were equipped with biometric technology for the purpose of immigration control. At Newark and JFK airports, the Immigration and Naturalization Service Passenger Accelerated Service System (INSPASS) used hand recognition terminals. In the U.S., Charlotte/Douglas, Orlando, Reagan, Washington Dulles, Boston Logan and Chicago O’Hare international airports also had biometric systems, all but the former using fingerprints. Andreotta (1996) provides detailed information on what INSPASS was and how it worked and Bernier (1993) gives a brief overview. The feature article on immigration and biometrics by Atkins (2001) raises some very important issues. For one of the most in depth case studies on biometric ID see Schulman (2002) on the US/Mexico border crossing card (BCC). The study looks at the differences in personal identification requirements before and after the September 11th attacks and documents some of the changes that have taken place between the US/Mexico border check-point.

The Federal Bureau of Investigation (FBI) is another user of biometric equipment. One of the pioneers of fingerprint technology was Identicator Technology. Since the early 1970s they have specialized in inkless fingerprint products. Some of Identicator’s commercial partners in the late 1990s included S.W.I.F.T. and MasterCard. Identicator customers included the National Security Agency (NSA), U.S. Secret Service and the Social Security Administration (SSA) (Identicator, 1999). Before IAFIS (Integrated Automated Fingerprint Identification System) was developed, the FBI manually processed fingerprint cards, since about the 1920s. By 1997, the projected growth of automated fingerprint live-scans was estimated at 20,000 per work day (Higgins, 1995, p. 409), although this figure is more precisely 20,000 per month (T. Jones, 2006).

The United Kingdom (UK) National AFIS (NAFIS) involving the Police Information Technology Organization (PITO) is another system that shares similar characteristics to IAFIS. As Roethenbaugh reported (1998, p. 2): “By the year 2000, it is expected that NAFIS will support a database of over six million ten-print sets (60 million images) and up to one hundred thousand scenes of crime latents. Between eight and nine million ten-print sets are expected in the database by 2010.” This projection was surpassed in 2004 when 8.2 million ten-print images were stored on the database along with 1.2 million scene-of-crime marks (NG, 2004). Northrop Grumman Mission Systems was the prime contractor and system integrator for the design, development, installation, integration, test, operation, and maintenance of NAFIS in the UK.

In Columbia, voters must have an official voter identification card complete with photograph and digitized fingerprints before they can legally participate in the election process (O’Connor, 1998, p. 4). Jamaica is also experimenting with fingerprint minutiae data for a register of eligible voters (Woodward, 1997, p. 1483). BallotMaster is a biometrics-based voting system that ensures one vote per citizen. It was developed jointly by Neurodynamics and Surveys International. The system uses a bar code card for pre-registered voters and takes advantage of fingerprint biometric technology. Inmate verification is another application of biometrics. Since 1990, Cook County (Illinois) Sheriff’s Department has been using retinal scanning to process prisoners (Ritter, 1995). The Department processes between 300 and 500 people per day, mostly in the morning and has compiled a database of 350,000 individuals (Brakeman, 1998, pp. 1-3). According to Tom Miller of the U.S. Department of Justice, inmates, prison staff and visitors will be required to enroll in the biometric system at all Federal prisons in a bid to reduce inmate escapes (Figure 5). “A major use of biometric-based security systems is not so much designed to keep people out, as to keep them in. Prisons have begun using fingerprint and hand geometry readers to track prisoners. Such systems have also been employed to monitor parolees...” (O’Connor, 1998, p. 5). The Australian Government invested in speech recognition and natural language software developed by ScanSoft in 2003 in a bid to cut personnel costs in Centrelink’s high volume contact center.

Biometrics for Private Enterprise

Biometrics systems once considered for law enforcement purposes are now being used in private enterprises (Woodward et al., 2001). Products such as the AFIM (Automated Fingerprint Recognition Machine) Time Security System by International Automated Systems (IAS) are being marketed to employers who would like additional payroll accuracy. Among the advantages IAS outlined are cost effectiveness, improvement in manager’s effectiveness, and employee morale. Australia’s largest supermarket chain, Woolworths Ltd has been using Identix fingerprint scanners for almost a decade to monitor employee attendance: “[i]nstead of punching time cards, about 100,000 employees check into PCs located in 500 stores. Each store has one or two PCs running time and attendance software” (Aragon, 1998, p. 5). The Coca-Cola Company uses hand scanning for time and attendance for some of its employees (Chandrasekaran, 1997) as do many medical facilities such as hospitals (Woodward et al., 2001, pp. 93-99).

At universities, biometric systems have been introduced for meal allowances, entrance into examinations and tutorial attendance. At the University of Georgia for example, hand geometry has been in place since 1972 for payment of meals (Weise, 1998, p. 3). In banking several trials have been conducted using fingerprint identification for ATM cardholder verification in order to do away with the traditional PIN. Since the mid-1990s the prospect of iris ATMs have been given attention in the popular press (Fernandez, 1997, p. 10). Sensar’s prototype, IrisIdent was one of the first iris recognition systems proposed for the banking sector. Coventry, Angeli and Johnson (2003) have conducted usability studies that reinforce the promise of biometrics at the ATM interface. Still, it will be some time before this kind of authentication enters the market commercially in the banking sector.

One of the most challenging to design and yet the most acceptable form of biometrics is voice recognition. Nortel Networks has been a world leader in offering total solutions for public and private operators. In Canada and the U.S. people were able to use spoken commands to access information as far back as the late 1980s. In Canada, for instance, a subscriber who wished to access directory assistance or dial a number could do so by speaking the digits into the handset (Cameron, 1996, p. 32): “ADAS Plus used speech recognition to discern the caller’s language preference, the city for which a telephone number was requested, and whether the listing is residential or non-residential. The system displayed the information on a monitor, and a human operator provided the actual listing.” The business case for high-volume call centers like hotels, airlines or car reservation companies to incorporate voice recognition is becoming more and more viable (Datamonitor, 1998). More innovative uses of biometrics is for animal ID, particularly for monitoring whales as they migrate in the ocean, and even mice (Nilsson et al., 2003). Exceptionally novel is the Argus Solution developed especially for patience recovering from drug addictions etc (Figure 6).

Case 1: Biometrics in Government Applications

Social Services and Citizen ID

In the U.S. biometrics systems have been used for electronic benefits transfer (EBT) and other social services since July 1991 (Campbell et al., 1996). In a bid to stop fraud, the Los Angeles County in California introduced AFIRM (Automated Fingerprint Image Reporting and Match) for the administration of its General Relief (GR) program in the Department of Public Social Services (DPSS). The following extract is from the Hewlett-Packard (HP) case study on the Los Angeles deployment (HP, 1995, p. 3). “Using the AFIRM system, a GR applicant places his or her index finger on a live-scan camera which displays the image on a workstation in the district office. The prints are scanned... The image is then analyzed by the workstation to ensure acceptable quality and correct positioning. If necessary, the system prompts the clerk to re-attempt image capture. If the image is satisfactory, it is transmitted over a dedicated phone line, along with the demographic data, to the central site where it is compared against all other prints in the database...” GR is for people who are not eligible for financial assistance from both the federal and state governments.

In 1994, National Registry Incorporated (NRI) supplied finger-image identification systems to the Department of Social Services (DSS) in Suffolk County and Nassau County, New York. The New Jersey Department of Human Services and DSS of Connecticut were also later clients of NRI- all requiring finger-image systems to eliminate fraudulent activities. David Mintie, the project coordinator of Digital Imaging for the state of Connecticut, reported that this electronic personal ID system (1996, p.1):

“- conveniently and accurately enrolls qualified General Assistance (GA) and Aid to Families with Dependent Children (AFDC) clients into a statewide database

In 1995 the San Diego Department of Social Services (DSS) announced that it was implementing a pilot project for a fingerprint identification solution to ensure that public funds were being distributed to the correct recipients. Among the problems of the legacy system outlined by the county supervisor were the falsification of photos, signatures and social security numbers which were encouraging applicants to sustain multiple identities, commonly referred to as double-dipping. In November of 1996 the Pennsylvania DPW issued a Request for Proposal (RFP) for an automated fingerprint identification system (AFIS). As Mateer of BHSUG reported (1996, p. 2), the system was referred to as PARIS (Pennsylvania Automated Recipient Identification System) and would have the ability to “capture digitized fingerprint, photo, and signature images of cash, food stamp, and medical assistance ‘payment name’ recipients, who are required to visit county assistance offices (CAOs).”

In 1996 in Spain, all citizens requiring to be considered for unemployment benefits or worker’s compensation were issued with a smart card by the Ministry of Labor and Social Security (Kaplan, 1996, pp. 31f). The so-named TASS (Tarjeta de la Seguridad Social Espanola) initiative required the fingerprints of the smart card holder (Pepe, 1996; Jurado, 1996). Unisys reported that by early 1997 about 633 kiosks would have been installed in eight cities of the Andalucia region, covering about one fifth of Spain’s total population (i.e. approximately 7 million persons). The TASS project brought together some of the biggest telecommunications manufacturers, like Motorola (IC), Fujitsu-Eritel (network infrastructure), AT&T (kiosks), Siemens Nixdorf (smart card reader/writers) and Telefonica Sistemas (portable reader/writers). “To use the kiosks, citizens… insert their smartcards and then are prompted to place a finger on a fingerprint reader. Once the fingerprint has been verified, citizens are… granted access to the data” (Unisys, 1997, p. 1).

Similarly the Dutch National ChipCard Platform (NCP) requires the cardholder’s personal and biometric data to be stored on a smart card “…and be readable across a wide variety of terminals- for instance at libraries, banks, insurance companies, theatres, municipal authorities and mass transit undertakings” (D. Jones ed., 1996, p. 6). Cambodia’s national identification card also stores biometrics (fingerprints) but on a 2-D bar code instead of an integrated circuit. The cards have a 2D bar code that contains the citizen’s name, photograph, a digital fingerprint and demographic information. Initially the cards are to be used as identification for travel, voting and employment; but other applications to be added later have not been discounted (Automatic ID, 1998, p. 20).

Customs and Immigration Control

INSPASS was once envisioned to grow to include other airports at Miami, Chicago, Honolulu, Houston, Los Angeles and San Francisco, until the introduction of the ePassport. Prior to September 11th old sites at JFK, Newark, Toronto and Vancouver were upgraded with the latest technology. The strategy was to replace hand geometric devices with fingerprint devices in the long-term to ensure standardization. In 1996, the German federal government was seeking to implement hand geometry at Frankfurt’s Main Airport. The preferred German biometric technology was hand geometry which differed to that biometric used in the INSPASS project at Newark, JFK and Toronto airports.

The U.S. and Canada are not the only nations that are working on automated inspection systems for immigration purposes. In 1996, others countries included Australia, Singapore, Hong Kong, Holland, Germany, and the United Kingdom, Bermuda. Travelers who preferred to be identified using biometrics had to undergo a profile security check by authorities. In the case of North America, this included checking whether the traveler was a permanent resident or citizen of the U.S., Canada, Bermuda or part of the Visa Waiver Pilot Program (VWPP), had a criminal history or any previous customs infringements. If the traveler was deemed to be of low risk, they were enrolled to use the system for one year- the pass renewed annually. “At enrolment demographic details are captured and stored, along with a photograph and signature as well as the templates and images of prints from their two index fingers... Arriving travelers go to the CANPASS immigration lane and insert their card in a terminal for their fingerprints to be verified. The card is automatically checked against a database to ensure that it is valid... Travelers with goods to declare just put the relevant form in a slot and the correct amount of duty is charged to their credit card” (SJB, 1996c, p. 1). Only PortPASS holders were required to pay a small fee to enroll. When INSPASS began there were 2000 frequent fliers, in early 2003, there were over 100000.

Today, the rollout of the ePassport has had a major impact in the way travelers are authenticated, especially upon arrival. In Australia, several trials were begun and the first deployment of the SmartGate Automated Border Processing was in August of 2007 at Brisbane’s International Airport (Department of Immigration and Citizenship, 2008). The SmartGate solution was part of a broader strategy by the Australian Government to employ biometrics towards the improvement of border security techniques. The SmartGate solution works using a two step process. At the kiosk the traveler checks if they are eligible to self-process by placing their ePassport into the reader and answering standard declarations via a touch-screen. If the traveler is eligible to proceed a ticket is printed for them, and they carry this to the ‘smart’ gate where a live identity check and clearance is performed. By inserting their ticket into the reader, a photo of the traveler’s face is taken and compared with the image in their ePassport. If the two images match, the traveler is allowed entry. If the images do not match, the ticket is retained and the traveler is directed to go via a manual process (i.e. a Customs officer check).

Towards Biometrics as a Hub for Integrated Auto-ID Systems

In the past, governments worldwide have been criticized for their inefficiencies regarding the distribution of social services. Reports of persons who have been able to collect over ten times what they are lawfully owed by declaring several different identities (and postal addresses) have increased. Other reports indicate that persons who have the greatest need for social concessions are not the ones who are necessarily receiving them because of incorrect information that has been supplied about their eligibility to authorities. There are still many developed countries around the world which use paper-based methods in the form of vouchers, coupons, ration cards, concession cards to operate large-scale federal and state programs. As recent as 1994, even the Department of Agriculture in the U.S. issued paper coupons for food stamp programs, although it was not long before they moved to an electronic system (Hausen & Bruening, 1994, p. 26).

Since that time, the U.S. also introduced ‘food card’ applications using magnetic-stripe (Pennsylvania- since 1984) and smart cards (Ohio since 1992). Some states used magnetic-stripe cards to help verify that the patient is indeed eligible for ‘free’ consultations to the doctor. The magnetic-stripe card first replaced paper based records that were prone to error. Smart cards are also being increasingly promoted by government agencies, many of them set to store citizen biometrics for additional security purpose. The latest trend in Federal and State government systems is program centralization (Marshall, 1997, pp. 10-15). Using database matching principles and smart card technology, one card can be used to store all the citizen’s personal information as well as their eligibility status to various State programs. Data-matching has been defined as “the comparison of two or more sets of data to identify similarities and dissimilarities... the term is used to denote the use of computer techniques to compare data found in two or more computer files to identify cases where there is a risk of incorrect payment of personal financial assistance or of tax evasion” (Privacy Commissioner, 1990, p. 1).

In England a similar model has been implemented (D. Jones, 2000): “the Department of Social Security (DSS) announced details of its new Generalized Matching Service (GMS)... It is hailed as the first system of its kind in Europe and will cross-match data across a number of benefit areas” (Smith, 1995, p. 40). The system has provided the foundations for national ID smart cards in the U.K. According to the UK Home Office (2008): “[t]he National Identity Scheme is an easy-to-use and extremely secure system of personal identification for adults living in the UK. Its cornerstone is the introduction of national ID cards for UK and EEA residents over the age of 16… Each ID card will be unique and will combine the cardholder’s biometric data with their checked and confirmed identity details, called a ‘biographical footprint’. These identity details and the biometrics will be stored on the National Identity Register (NIR). Basic identity information will also be held in a chip on the ID card itself.”

Gold (1996) estimated that the highly organized fraud racket in the U.K. was costing the government about 2 billion pounds a year. This was obviously an over-inflated figure with more recent statistics from the Home Office showing that identity fraud has cost the UK over 1.7 billion pounds in sum total. The UK’s Fraud Prevention Service also recorded 67,406 victims of identity fraud in 2006, over 10,000 fake passport applications annually and 430,000 illegal migrants residing in the UK. Identity-related benefit fraud was costing the taxpayer between twenty to fifty million per annum.

The single card approach is not only purported to greatly reduce operational costs but is equipped to catch out persons who have deliberately set out to mislead the government. In the U.S. for instance, there was a new Electronic Benefits Transfer (EBT) paradigm which called for a single card that could deliver benefits from multiple government programs across all states. The hope was that the system would be in place by 1999 (Robins, 1995, p. 58). The initial focus was on food stamps and AFDC but other benefits such as old-age pension, veteran survivors, and unemployment would eventually be integrated into the system (Jackson, 1996a, pp. 1-2).

Singapore, Spain, Germany and the Czech Republic were some of the first countries to introduce national ID smart cards. Proposed national ID schemes in other countries like Greece have fuelled much debate since the mid-1990s. In Greece, the preliminary decision to record a person’s religion on the national ID card was not surprisingly met with opposition, particularly by religious minority groups. One of the largest-scale smart card government projects is in China, led by China Citizen Card Consortium. The plan was to have one integrated card for citizen identification, health care and financial purposes. “The smart card is set to store the bearer’s ID number, health care code, address, birthdate, parents’ names, spouse’s name and a fingerprint” (Valles, 1998, p.7). The Taiwan government also considered following the Chinese initiative as their own paper-based identification card (as of 1998) was extremely ineffective- it did not carry a magnetic-stripe, nor did it have embossed numbers and it was very flimsy. The Philippines government was also embarking on a national ID card project which would have included biometric data as were the South Africans with the Home Affairs National ID System (Woodward, 1997, p. 1483).

Malaysia and Thailand are also following in the footsteps of Singapore. Malaysia’s MultiPurpose Card project, Mykad, is a flagship of the Multimedia Super Corridor (MSC). “The plastic card… has an embedded chip… that can perform a variety of functions… designed to combine national ID, driver’s license, immigration information, health information, e-cash, debit card and ATM card applications” (Creed, 2000, p. 1). In 1998 in South America, there were smart card trials in Brazil (Curitiba) where 30000 city employees were issued with smart cards that acted as a government ID and allowed monetary transactions. In 1999, the program was extended to families of municipal employees, and then to the city’s entire 1.5 million urban population” (Automatic ID, 1998, p. 1). This ID card has an RF interface, i.e. it is contactless. More recently, Saudi Arabia has embarked on a national ID scheme. Post Sept 11, there was a series of attempts to introduce national ID card schemes in numerous countries as documented by Privacy International (PI, 2002). One of the main findings from an investigation into national ID cards was that they do not in any way curb the threat of terrorism.

The U.S. Department of Defense (DOD) instituted a multiapplication smart card to replace the various military paper records, tags and other cards. The MARC program (Multi-Technology Automated Reader Card) was a targeted pilot in the Asia Pacific with 50000 soldiers. According to authorities, it was so successful that the card was distributed to all 1.4 million active duty armed forces personnel. Many believe that MARC was a large-scale trial necessary to prove-in a national ID for all citizens in the U.S., incorporating numerous government programs. Coordinator, Michael Noll said that the ultimate goal of MARC was: “‘[a] single standard, multiple-use card that [could] be used across the government’... for applications such as payroll, employee records, health care and personnel assignments” (Jackson, 1996b, p. 41). MARC was first used during the Gulf War crisis. The card contains a magnetic-stripe and integrated circuit, as well as a photograph and embossed letters and numbers and it can handle up to 25 applications. Today all military personnel use the Common Access Card (CAC) for a number of different applications (Kozaryn, 2000). After the September 11th attacks on the U.S., Oracle’s CEO Larry Ellison offered to provide free software for a mandatory national ID smart card which would contain at minimum a photograph and fingerprint (Levy, 2001, p. 1). Sun’s CEO Scott McNealy also advocated a national ID (Scholtz & Johnson, 2002, p. 564).

Like the U.S., Singapore also tested a military ID card in 2002. The Clinton Administration also wanted to adopt smart card technology to track the expenses of federal government staff, responsible for 8.5 billion US dollars of annual expenditure. The card would be used to log travel expenses, make small purchases and allow for building access (D. Jones ed., 1998, p. 16). Also, smart cards were touted to be the driving force behind digital signatures allowing for encrypted messages between government agencies and citizens when Internet ecommerce applications like online taxation become mainstream applications. An exhaustive list of U.S. government applications using card technologies can be found in the U.S. Financial Management Service (1990). This study, though dated now, is a very comprehensive investigation into all the card programs in the U.S. at the federal and state level. Federal applications include: agriculture, commerce, energy, justice, NASA, transportation, treasury and veteran affairs. Defense was a topic that was treated as a special government application. The military takes advantage of numerous types of auto-ID technologies. In Bosnia in 1997 the military provided the most modern logistics system, featuring long-range RFID, smart card and bar code working in concert (Seidman, 1997, p. 37).

Case 2: Entertainment

Expo ‘92 was held in Seville, Spain. There, season ticket holders had to carry a smart card and use a biometric fingerprint reader to have access to the various sites and exhibits. The biometric fingerprint system was produced by the Bull subsidiary, Telesincro (M. Chadwick, 1992, p. 253). The aim at this event was to prevent ticket holders from giving their passes to their friends and family members to use (Zoreda & Oton, 1994, p. 172). This was quite an innovative solution for its time. Similarly visitors wishing to have seasonal or annual passes into Walt Disney’s theme parks in Florida U.S.A., also have to use a fingerprint biometric system (Chandrasekaran, 1997; Higgins, 67-68). Magic Kingdom, Epcot and Disney MGM are all involved in the biometric trial. The system uses fingerprint recognition and the measurement is useable at each of the three theme parks (SJB, 1996b, p. 1). Today, Walt Disney World is the largest single commercial application of biometrics in the U.S., with tens of millions of people using biometric readers to gain access to four theme parks in Orlando (Harmel, 2006). It is no secret that the U.S. Government have consulted Walt Disney toward large-scale civilian implementations of biometrics (Hopkins, 1999).

Face recognition systems have even made their debut in ten Nevada casinos. The joint venture between Mr. Payroll and Wells Fargo & Company uses the Miros TrueFace engine and Atreva machines. Gaming patrons can only cash their checks after agreeing for their picture to be taken. Once enrolled the patrons have their image stored for future identification. In 2001, Identix installed fingerprint recognition systems for patrons in two Las Vegas casinos. Biometrics systems are also used at global sporting events like the Olympic Games. Since Barcelona (Spain) in 1992 the level of security biometrics offers was recognized more widely. Access to the air traffic control tower at the airport in Barcelona was limited to fewer than 200 persons using signature recognition in case of terrorist attacks. At the 1996 Atlanta Olympic Games over 40000 athletes, staff and volunteers used a biometric system which measured hand geometry. Those wishing to have access to the Olympic Village required to have their hand characteristics verified. There were 125 verification devices installed at entry points into high security areas. Despite these security measures an attacker was still able to plant a bomb that went off in the village. At the 1998 Nagano Winter Olympics a biometric system was used to track biathletes.

An Australian company Nightkey is changing the way patrons gain entry to nightclubs across several states. Among the clubs to have adopted the Nightkey biometric system is Liquid NiteClub, Sultan’s Nightclub, Meche, Alma, Amplifier, Metropolis Fremantle, Capitol, The Highlander, and the Gate Bar and Bistro. Nightkey works using a four step process. First a manual ID check is conducted by the club’s authorized personnel, and then scanned using typical OCR software. The image taken is stored on the venues database. Secondly, the right index finger of the patron is then scanned to create a unique ID. As soon as this is done, the original image is deleted and only a value is stored. Step three requires a photo to be taken of the patron and linked to the fingerprint image. Finally, step four takes all the information collected and stores it on a remote co-located server using a secure link. This ensures that patron information does not find its way into terminals or somewhere where it is easily accessible. The benefits of such a scheme are considered to be deterrence from attracting patrons who may engage in some form of anti-social behavior.

Card Technologies Welcome

Companies who are still promoting magnetic-stripe cards for instance, find that entertainment applications are a steady market. Access Control Technologies (ACT) Incorporated specializes in entertainment solutions using prepaid card systems for cashless vending. Like ACT Incorporated, the Plastag Corporation is also a supplier of magnetic-stripe cards to entertainment companies. Plastag is one of the largest manufacturers of casino cards, servicing many states in the U.S. like Naivete, New Jersey, Michigan, Indiana and Missouri.

Smart cards are being used more and more in the entertainment business. Casinos, clubs and bars, sports complexes, cinemas, arcades, fun parks and conferences are using card technologies to encourage loyalty and to verify the user’s ID. McCrindle (1990, pp. 163-170) describes some of the earliest international examples:

“- Pathe Cinema in France: the smart card is pre-loaded with ten tickets. Used as a loyalty card by offering discounts on bulk ticket purchases

- Club Mediterranee in France: guests can use the smart card as a payment card. All their transactions are billed to the one card and can be checked at any time using terminals around the club facilities

- Dallington Country Club: the smart card grants users access to sporting facilities, bars, restaurants, and other shops. The card also has an electronic purse function- users are charged accordingly. The system… [is also used for] monitoring membership control, subscription collection and other statistics.”

As already mentioned Olympic and Commonwealth Games venues are always promoting the use of cash cards and other auto-ID technologies. An estimated 100000 disposable smart cards and 2000 reloadable smart cards were used at Kuala Lumpur at the Commonwealth Games in 1998. The cards were a showcase for the proposed identification card in Malaysia. It was also more convenient for visitors to use electronic cash for buying goods and services. Athletes can also attach RFID transponders to their shoelaces to ensure fair play and accuracy in times recorded (Finkenzeller, 1999, pp. 261-263). One of the first manufacturers of RFID transponders for marathons was Texas Instruments with their ChampionChip product. Marathon runners also wear placards to the front and rear which usually have bar codes (LaMoreaux, 1995, p. 12).

Beyond things one can carry, or one can posses, there are now clubs such as the Baja Beach Club in Barcelona, Spain, where RFID implants grant a patron access to a VIP zone that offers a host of exclusive services (V. Jones, 2004). The cost of getting the implant injection is about $153 USD. Patrons who visit the club regularly believe it is a solution which is about convenience, fashion and safety. There is no longer a need to carry a wallet or ID cards, which can often be stolen or misplaced in crowded spaces. The implant also signifies a fashion statement, and places a patron in an elite group of chipped persons, among who is the director of the Club, Mr Conrad Chase. The Baja Beach Club web site claims that it is the first discotheque in the world to offer the VIP VeriChip (Chase, 2009).

Biometrics Today

Post September 11th biometrics has proliferated for government-to-citizen applications. While the United States was a pioneer in the use of biometrics for border control, the new national security climate spurred on by frequent terrorist attacks has changed state-to-state dynamics (Petermann, Sauter & Scherz, 2006). Anyone entering the United States for instance must now have their fingerprints taken or risk being refused entry. Biometric systems by default do not have an opt-out clause because opting-out usually means being excluded from participation altogether. In this sense, government applications that rely on biometric identification may be considered mandatory. Individuals wishing to be eligible for social security payments need either accept a plastic card with their biometrics on-board or live with the consequences of not being recognized as a valid recipient of services. When biometrics were first introduced as potential solutions for companies (e.g. payroll and access control), the systems were considered clunky, highly proprietary and prohibitively expensive. Today, the systems are lightweight in terms of hardware, the software user-friendly for registration and administration purposes, and the technology scalable making it affordable to even the smallest organization (Osadciw, Varshney & Veeramachaneni, 2002). The technology has also become more pervasive, used to earn patrons reward points at casinos and even granting families entry into fun parks (Xiao, 2007). In addition, guidelines have also now been introduced to conduct payments wirelessly using a biometric (Grabensek & Divjak, 2006). Multimodal biometrics is also on the rise, used to minimize errors and ensure that modality equates to eligibility for all potential registrants. Despite its increased adoption, privacy fears remain, and the issue with who really owns ones biometrics continues to be highly controversial.

CONCLUSION

Biometrics are the first auto-ID technique that required users to place a body part directly onto a digital reader (e.g. fingerprint and handprint). First instituted for law enforcement purposes, biometrics was once considered to be a technology specifically used for convicted criminals. Later it became utilized in closed systems such as prisons, or university campuses. Today, interactive voice recognition systems (IVRS) rely heavily on voice recognition in the absence of call center personnel. Biometrics have also become popular as an additional security feature on the bar code and magnetic-stripe, particularly on government-to-citizen card-based applications. The biometric stored on a 2D bar code for instance, has acted to reignite interest in the bar code as an identification technique. Hybrid cards are now very common. Despite the roll-out of mass market applications however, biometrics are clouded with very real privacy concerns. Stories abound of large databases on external storage media that have accidentally gone missing at airports or have been stolen. The sensitivity of biometric details, such as fingerprint minutae in digital format is of much higher value than ID numbers. Of the most sensitive biometric is an individual’s DNA, which if disclosed, has the potential to reveal very private details (e.g. predisposition to disease). The proliferation of biometric systems presently, are as a result of sweeping changes to legislation which many would argue have been rushed through the political process without adequate thought and safeguards in place.

Hibbert, C. (1996). What to do when they ask for your social security number. In R. Kling (Ed.), Computerisation and Controversy: value conflicts and social choices (pp. 686-696). New York: Academic Press.

Seidman, S. (1990). Wallet-size solutions. In R. Ames (Ed.), Perspectives on Radio Frequency Identification: What is it, Where is it going, Should I be Involved? (pp. 1-19- 11-27). New York: Van Nostrand Reinhold.